@poolzin/pool-bot 1.28.0 → 2026.1.26

package/dist/security/audit-extra.js

@@ -13,7 +13,7 @@ import { resolveSandboxConfigForAgent, resolveSandboxToolPolicyForAgent, } from
 import { resolveGatewayAuth } from "../gateway/auth.js";
 import { INCLUDE_KEY, MAX_INCLUDE_DEPTH } from "../config/includes.js";
 import { normalizeAgentId } from "../routing/session-key.js";
-import { formatPermissionDetail, formatPermissionRemediation, inspectPathPermissions, safeStat, } from "./audit-fs.js";
+import { formatOctal, isGroupReadable, isGroupWritable, isWorldReadable, isWorldWritable, modeBits, safeStat, } from "./audit-fs.js";
 const SMALL_MODEL_PARAM_B_MAX = 300;
 function expandTilde(p, env) {
     if (!p.startsWith("~"))
@@ -52,7 +52,7 @@ export function collectAttackSurfaceSummaryFindings(cfg) {
     const group = summarizeGroupPolicy(cfg);
     const elevated = cfg.tools?.elevated?.enabled !== false;
     const hooksEnabled = cfg.hooks?.enabled === true;
-    const browserEnabled = cfg.browser?.enabled ?? true;
+    const browserEnabled = Boolean(cfg.browser?.enabled ?? cfg.browser?.controlUrl);
     const detail = `groups: open=${group.open}, allowlist=${group.allowlist}` +
         `\n` +
         `tools.elevated: ${elevated ? "enabled" : "disabled"}` +
@@ -85,7 +85,7 @@ export function collectSyncedFolderFindings(params) {
             severity: "warn",
             title: "State/config path looks like a synced folder",
             detail: `stateDir=${params.stateDir}, configPath=${params.configPath}. Synced folders (iCloud/Dropbox/OneDrive/Google Drive) can leak tokens and transcripts onto other devices.`,
-            remediation: `Keep CLAWDBOT_STATE_DIR on a local-only volume and re-run "${formatCliCommand("moltbot security audit --fix")}".`,
+            remediation: `Keep CLAWDBOT_STATE_DIR on a local-only volume and re-run "${formatCliCommand("clawdbot security audit --fix")}".`,
         });
     }
     return findings;
@@ -106,6 +106,16 @@ export function collectSecretsInConfigFindings(cfg) {
             remediation: "Prefer CLAWDBOT_GATEWAY_PASSWORD (env) and remove gateway.auth.password from disk.",
         });
     }
+    const browserToken = typeof cfg.browser?.controlToken === "string" ? cfg.browser.controlToken.trim() : "";
+    if (browserToken && !looksLikeEnvRef(browserToken)) {
+        findings.push({
+            checkId: "config.secrets.browser_control_token_in_config",
+            severity: "warn",
+            title: "Browser control token is stored in config",
+            detail: "browser.controlToken is set in the config file; prefer environment variables for secrets when possible.",
+            remediation: "Prefer CLAWDBOT_BROWSER_CONTROL_TOKEN (env) and remove browser.controlToken from disk.",
+        });
+    }
     const hooksToken = typeof cfg.hooks?.token === "string" ? cfg.hooks.token.trim() : "";
     if (cfg.hooks?.enabled === true && hooksToken && !looksLikeEnvRef(hooksToken)) {
         findings.push({
@@ -148,6 +158,18 @@ export function collectHooksHardeningFindings(cfg) {
             remediation: "Use a separate hooks.token dedicated to hook ingress.",
         });
     }
+    const browserToken = typeof cfg.browser?.controlToken === "string" && cfg.browser.controlToken.trim()
+        ? cfg.browser.controlToken.trim()
+        : process.env.CLAWDBOT_BROWSER_CONTROL_TOKEN?.trim() || null;
+    if (token && browserToken && token === browserToken) {
+        findings.push({
+            checkId: "hooks.token_reuse_browser_token",
+            severity: "warn",
+            title: "Hooks token reuses the browser control token",
+            detail: "hooks.token matches browser control token; compromise of hooks may enable browser control endpoints.",
+            remediation: "Use a separate hooks.token dedicated to hook ingress.",
+        });
+    }
     const rawPath = typeof cfg.hooks?.path === "string" ? cfg.hooks.path.trim() : "";
     if (rawPath === "/") {
         findings.push({
@@ -360,7 +382,7 @@ function isWebFetchEnabled(cfg) {
 }
 function isBrowserEnabled(cfg) {
     try {
-        return resolveBrowserConfig(cfg.browser, cfg).enabled;
+        return resolveBrowserConfig(cfg.browser).enabled;
     }
     catch {
         return true;
@@ -581,56 +603,35 @@ export async function collectIncludeFilePermFindings(params) {
         return findings;
     for (const p of includePaths) {
         // eslint-disable-next-line no-await-in-loop
-        const perms = await inspectPathPermissions(p, {
-            env: params.env,
-            platform: params.platform,
-            exec: params.execIcacls,
-        });
-        if (!perms.ok)
+        const st = await safeStat(p);
+        if (!st.ok)
             continue;
-        if (perms.worldWritable || perms.groupWritable) {
+        const bits = modeBits(st.mode);
+        if (isWorldWritable(bits) || isGroupWritable(bits)) {
             findings.push({
                 checkId: "fs.config_include.perms_writable",
                 severity: "critical",
                 title: "Config include file is writable by others",
-                detail: `${formatPermissionDetail(p, perms)}; another user could influence your effective config.`,
-                remediation: formatPermissionRemediation({
-                    targetPath: p,
-                    perms,
-                    isDir: false,
-                    posixMode: 0o600,
-                    env: params.env,
-                }),
+                detail: `${p} mode=${formatOctal(bits)}; another user could influence your effective config.`,
+                remediation: `chmod 600 ${p}`,
             });
         }
-        else if (perms.worldReadable) {
+        else if (isWorldReadable(bits)) {
             findings.push({
                 checkId: "fs.config_include.perms_world_readable",
                 severity: "critical",
                 title: "Config include file is world-readable",
-                detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
-                remediation: formatPermissionRemediation({
-                    targetPath: p,
-                    perms,
-                    isDir: false,
-                    posixMode: 0o600,
-                    env: params.env,
-                }),
+                detail: `${p} mode=${formatOctal(bits)}; include files can contain tokens and private settings.`,
+                remediation: `chmod 600 ${p}`,
             });
         }
-        else if (perms.groupReadable) {
+        else if (isGroupReadable(bits)) {
             findings.push({
                 checkId: "fs.config_include.perms_group_readable",
                 severity: "warn",
                 title: "Config include file is group-readable",
-                detail: `${formatPermissionDetail(p, perms)}; include files can contain tokens and private settings.`,
-                remediation: formatPermissionRemediation({
-                    targetPath: p,
-                    perms,
-                    isDir: false,
-                    posixMode: 0o600,
-                    env: params.env,
-                }),
+                detail: `${p} mode=${formatOctal(bits)}; include files can contain tokens and private settings.`,
+                remediation: `chmod 600 ${p}`,
             });
         }
     }
@@ -639,46 +640,31 @@ export async function collectIncludeFilePermFindings(params) {
 export async function collectStateDeepFilesystemFindings(params) {
     const findings = [];
     const oauthDir = resolveOAuthDir(params.env, params.stateDir);
-    const oauthPerms = await inspectPathPermissions(oauthDir, {
-        env: params.env,
-        platform: params.platform,
-        exec: params.execIcacls,
-    });
-    if (oauthPerms.ok && oauthPerms.isDir) {
-        if (oauthPerms.worldWritable || oauthPerms.groupWritable) {
+    const oauthStat = await safeStat(oauthDir);
+    if (oauthStat.ok && oauthStat.isDir) {
+        const bits = modeBits(oauthStat.mode);
+        if (isWorldWritable(bits) || isGroupWritable(bits)) {
             findings.push({
                 checkId: "fs.credentials_dir.perms_writable",
                 severity: "critical",
                 title: "Credentials dir is writable by others",
-                detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; another user could drop/modify credential files.`,
-                remediation: formatPermissionRemediation({
-                    targetPath: oauthDir,
-                    perms: oauthPerms,
-                    isDir: true,
-                    posixMode: 0o700,
-                    env: params.env,
-                }),
+                detail: `${oauthDir} mode=${formatOctal(bits)}; another user could drop/modify credential files.`,
+                remediation: `chmod 700 ${oauthDir}`,
             });
         }
-        else if (oauthPerms.groupReadable || oauthPerms.worldReadable) {
+        else if (isGroupReadable(bits) || isWorldReadable(bits)) {
             findings.push({
                 checkId: "fs.credentials_dir.perms_readable",
                 severity: "warn",
                 title: "Credentials dir is readable by others",
-                detail: `${formatPermissionDetail(oauthDir, oauthPerms)}; credentials and allowlists can be sensitive.`,
-                remediation: formatPermissionRemediation({
-                    targetPath: oauthDir,
-                    perms: oauthPerms,
-                    isDir: true,
-                    posixMode: 0o700,
-                    env: params.env,
-                }),
+                detail: `${oauthDir} mode=${formatOctal(bits)}; credentials and allowlists can be sensitive.`,
+                remediation: `chmod 700 ${oauthDir}`,
             });
         }
     }
     const agentIds = Array.isArray(params.cfg.agents?.list)
         ? params.cfg.agents?.list
-            .map((a) => a && typeof a === "object" && typeof a.id === "string" ? a.id.trim() : "")
+            .map((a) => (a && typeof a === "object" && typeof a.id === "string" ? a.id.trim() : ""))
             .filter(Boolean)
         : [];
     const defaultAgentId = resolveDefaultAgentId(params.cfg);
@@ -687,64 +673,40 @@ export async function collectStateDeepFilesystemFindings(params) {
         const agentDir = path.join(params.stateDir, "agents", agentId, "agent");
         const authPath = path.join(agentDir, "auth-profiles.json");
         // eslint-disable-next-line no-await-in-loop
-        const authPerms = await inspectPathPermissions(authPath, {
-            env: params.env,
-            platform: params.platform,
-            exec: params.execIcacls,
-        });
-        if (authPerms.ok) {
-            if (authPerms.worldWritable || authPerms.groupWritable) {
+        const authStat = await safeStat(authPath);
+        if (authStat.ok) {
+            const bits = modeBits(authStat.mode);
+            if (isWorldWritable(bits) || isGroupWritable(bits)) {
                 findings.push({
                     checkId: "fs.auth_profiles.perms_writable",
                     severity: "critical",
                     title: "auth-profiles.json is writable by others",
-                    detail: `${formatPermissionDetail(authPath, authPerms)}; another user could inject credentials.`,
-                    remediation: formatPermissionRemediation({
-                        targetPath: authPath,
-                        perms: authPerms,
-                        isDir: false,
-                        posixMode: 0o600,
-                        env: params.env,
-                    }),
+                    detail: `${authPath} mode=${formatOctal(bits)}; another user could inject credentials.`,
+                    remediation: `chmod 600 ${authPath}`,
                 });
             }
-            else if (authPerms.worldReadable || authPerms.groupReadable) {
+            else if (isWorldReadable(bits) || isGroupReadable(bits)) {
                 findings.push({
                     checkId: "fs.auth_profiles.perms_readable",
                     severity: "warn",
                     title: "auth-profiles.json is readable by others",
-                    detail: `${formatPermissionDetail(authPath, authPerms)}; auth-profiles.json contains API keys and OAuth tokens.`,
-                    remediation: formatPermissionRemediation({
-                        targetPath: authPath,
-                        perms: authPerms,
-                        isDir: false,
-                        posixMode: 0o600,
-                        env: params.env,
-                    }),
+                    detail: `${authPath} mode=${formatOctal(bits)}; auth-profiles.json contains API keys and OAuth tokens.`,
+                    remediation: `chmod 600 ${authPath}`,
                 });
             }
         }
         const storePath = path.join(params.stateDir, "agents", agentId, "sessions", "sessions.json");
         // eslint-disable-next-line no-await-in-loop
-        const storePerms = await inspectPathPermissions(storePath, {
-            env: params.env,
-            platform: params.platform,
-            exec: params.execIcacls,
-        });
-        if (storePerms.ok) {
-            if (storePerms.worldReadable || storePerms.groupReadable) {
+        const storeStat = await safeStat(storePath);
+        if (storeStat.ok) {
+            const bits = modeBits(storeStat.mode);
+            if (isWorldReadable(bits) || isGroupReadable(bits)) {
                 findings.push({
                     checkId: "fs.sessions_store.perms_readable",
                     severity: "warn",
                     title: "sessions.json is readable by others",
-                    detail: `${formatPermissionDetail(storePath, storePerms)}; routing and transcript metadata can be sensitive.`,
-                    remediation: formatPermissionRemediation({
-                        targetPath: storePath,
-                        perms: storePerms,
-                        isDir: false,
-                        posixMode: 0o600,
-                        env: params.env,
-                    }),
+                    detail: `${storePath} mode=${formatOctal(bits)}; routing and transcript metadata can be sensitive.`,
+                    remediation: `chmod 600 ${storePath}`,
                 });
             }
         }
@@ -754,25 +716,16 @@ export async function collectStateDeepFilesystemFindings(params) {
         const expanded = logFile.startsWith("~") ? expandTilde(logFile, params.env) : logFile;
         if (expanded) {
             const logPath = path.resolve(expanded);
-            const logPerms = await inspectPathPermissions(logPath, {
-                env: params.env,
-                platform: params.platform,
-                exec: params.execIcacls,
-            });
-            if (logPerms.ok) {
-                if (logPerms.worldReadable || logPerms.groupReadable) {
+            const st = await safeStat(logPath);
+            if (st.ok) {
+                const bits = modeBits(st.mode);
+                if (isWorldReadable(bits) || isGroupReadable(bits)) {
                     findings.push({
                         checkId: "fs.log_file.perms_readable",
                         severity: "warn",
                         title: "Log file is readable by others",
-                        detail: `${formatPermissionDetail(logPath, logPerms)}; logs can contain private messages and tool output.`,
-                        remediation: formatPermissionRemediation({
-                            targetPath: logPath,
-                            perms: logPerms,
-                            isDir: false,
-                            posixMode: 0o600,
-                            env: params.env,
-                        }),
+                        detail: `${logPath} mode=${formatOctal(bits)}; logs can contain private messages and tool output.`,
+                        remediation: `chmod 600 ${logPath}`,
                     });
                 }
             }

package/dist/security/audit-fs.js

@@ -1,5 +1,4 @@
 import fs from "node:fs/promises";
-import { formatIcaclsResetCommand, formatWindowsAclSummary, inspectWindowsAcl, } from "./windows-acl.js";
 export async function safeStat(targetPath) {
     try {
         const lst = await fs.lstat(targetPath);
@@ -24,83 +23,6 @@ export async function safeStat(targetPath) {
         };
     }
 }
-export async function inspectPathPermissions(targetPath, opts) {
-    const st = await safeStat(targetPath);
-    if (!st.ok) {
-        return {
-            ok: false,
-            isSymlink: false,
-            isDir: false,
-            mode: null,
-            bits: null,
-            source: "unknown",
-            worldWritable: false,
-            groupWritable: false,
-            worldReadable: false,
-            groupReadable: false,
-            error: st.error,
-        };
-    }
-    const bits = modeBits(st.mode);
-    const platform = opts?.platform ?? process.platform;
-    if (platform === "win32") {
-        const acl = await inspectWindowsAcl(targetPath, { env: opts?.env, exec: opts?.exec });
-        if (!acl.ok) {
-            return {
-                ok: true,
-                isSymlink: st.isSymlink,
-                isDir: st.isDir,
-                mode: st.mode,
-                bits,
-                source: "unknown",
-                worldWritable: false,
-                groupWritable: false,
-                worldReadable: false,
-                groupReadable: false,
-                error: acl.error,
-            };
-        }
-        return {
-            ok: true,
-            isSymlink: st.isSymlink,
-            isDir: st.isDir,
-            mode: st.mode,
-            bits,
-            source: "windows-acl",
-            worldWritable: acl.untrustedWorld.some((entry) => entry.canWrite),
-            groupWritable: acl.untrustedGroup.some((entry) => entry.canWrite),
-            worldReadable: acl.untrustedWorld.some((entry) => entry.canRead),
-            groupReadable: acl.untrustedGroup.some((entry) => entry.canRead),
-            aclSummary: formatWindowsAclSummary(acl),
-        };
-    }
-    return {
-        ok: true,
-        isSymlink: st.isSymlink,
-        isDir: st.isDir,
-        mode: st.mode,
-        bits,
-        source: "posix",
-        worldWritable: isWorldWritable(bits),
-        groupWritable: isGroupWritable(bits),
-        worldReadable: isWorldReadable(bits),
-        groupReadable: isGroupReadable(bits),
-    };
-}
-export function formatPermissionDetail(targetPath, perms) {
-    if (perms.source === "windows-acl") {
-        const summary = perms.aclSummary ?? "unknown";
-        return `${targetPath} acl=${summary}`;
-    }
-    return `${targetPath} mode=${formatOctal(perms.bits)}`;
-}
-export function formatPermissionRemediation(params) {
-    if (params.perms.source === "windows-acl") {
-        return formatIcaclsResetCommand(params.targetPath, { isDir: params.isDir, env: params.env });
-    }
-    const mode = params.posixMode.toString(8).padStart(3, "0");
-    return `chmod ${mode} ${params.targetPath}`;
-}
 export function modeBits(mode) {
     if (mode == null)
         return null;